vxunderground / MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.
https://vx-underground.org

PUBG Cheat with keylogger implemented #88

Open LoadingQ opened 3 weeks ago

LoadingQ commented 3 weeks ago

A guy in a Telegram group shared a weird file named 'bgmi shit.zip', which he claimed to be a PUBG Mobile cheat. I said this was malware since there was a weird .exe as well as .bin files. There was also a disassembled Python file which I looked into. At first it looked normal, like you would expect a cheat to, but I found a Telegram sending function, which made me suspect what it could be. I asked him and he started calling me idiot, retard, Indian... just so he wouldn't have to admit he messed up.

The file is too large (77MB) to be uploaded, so here is the mega.nz link: https://mega.nz/file/Q7cxEKyA#RCsdC8EAkd2EF4p1tTw5jnL431t8KzngdiiFr3-a_Oo

SHA256: 56ccde41d04cf241c33674863c92e47f5a5488a2e237df4a48527c00c9514539

VT: https://www.virustotal.com/gui/file/56ccde41d04cf241c33674863c92e47f5a5488a2e237df4a48527c00c9514539

The malicious part is on line 93 of the decompiled.py file. Here's a screenshot: [image]

It can clearly be seen in the image that there's a function that sends messages to a Telegram bot, and apparently it checks each key you type and sends them back to the Telegram bot.

After that he continued calling me an idiot and said he was done with it; an administrator checked what I had typed and then he got banned.

Enjoy this piece of malware, and I hope you liked the little story!

SaadSaid158 commented 1 week ago

Wow, what a jerk!

Good to be careful; I know too many people who have fallen prey to such malware. Nice job and good reverse engineering skills, I must say; I do not have the best skills in malware reverse engineering.

LoadingQ commented 1 week ago

> Wow, what a jerk!
>
> Good to be careful; I know too many people who have fallen prey to such malware. Nice job and good reverse engineering skills, I must say; I do not have the best skills in malware reverse engineering.

Thanks, it is true that a lot of people have fallen for this, but what hurt me more was that the admins said it was clean, as did some other members, whom I later just tried to prove wrong. This is just a compilation of all the proof I've posted there. After that happened I just found it interesting that people are using this new type of spreading method, which I think is only targeted at PUBG since there's no background thread for it.